General

What is an electronic signature?

Like its paper equivalent, an electronic signature is a legal concept. Its purpose is to capture the intent of the signer to be bound by the terms and conditions in a contract. E-Signature software is designed to facilitate signature capture online, while also creating a process that results in a legally enforceable agreement.

What is the difference between an electronic signature and a digital signature?

The term “e-signature” is often confused with “digital signature”. An e-signature is a legal concept, resulting in an enforceable online process. Digital signature refers to the encryption technology used in a number of security, e-business and e-commerce applications, including e-signatures. In short, we take the best of both technologies and provide you an ELECTRONIC signature application that is built on DIGITAL signature security.

What does an electronic signature look like?

That depends on what type of e-signature you use. If you are e-signing remotely using the click-to-sign method, your signature will appear in a standard font.

Alternatively, if you are face-to-face with a sales representative, you could draw your cursive signature on the rep’s iPad using a stylus or fingertip.

If you are using your mobile phone as a signature capture device, you would also draw your hand-scripted signature and see that cursive signature on the document.

Whether typed or cursive, all e-signatures captured through eSignLive are backed by a watermark and time stamp to indicate the signature was captured electronically.

How is eSignLive different from other e-signature vendors?

We are the e-signature choice for business. eSignLive processes the most regulated B2B and customer-facing transactions in the world.

Highest levels of customer support. With eSignLive, you’ll get a highly responsive team that’s invested in your success. But don’t take our word for it – see the latest e-signature report from G2 Crowd, which rates eSignLive with the highest customer satisfaction score in the industry.

Ability to fully white-label our solution into your systems and apps, so you can provide your customers with a seamless experience. eSignLive is the white-labeled e-signature solution behind some of the most well-known brands in the world including U.S. Bank, Royal Bank of Canada, BMW Financial Services, Country Financial, AAA Carolinas, 21st Century Insurance and many more.

Document authentication: Once a document is signed with eSignLive, it is locked down with a digital signature (essentially a tamper-proof seal). Unlike paper-based contracts and signatures that require careful attention to detail and that rely on the human eye for verification, e-signed contracts based on digital signatures can automatically flag any errors or alterations. So any attempt to alter the document’s contents will render it invalid. Plus, it is not possible to copy and paste a signature since eSignLive also secures the signature blocks with a digital signature. Even with all this security, we make it easy for you to verify the authenticity of the document and signatures – in just one click.

Audit trails: eSignLive captures all the digital fingerprints that people leave as they go through a signing process. These are captured in two types of audit trails: a static audit trail (what the signer signed) and a patented visual audit trail (how the signer signed). eSignLive resonates with legal and compliance teams because these audit trails provide visibility into when and how the transaction took place – something that simply isn’t possible in the paper world. Read more in this blog.

What are the top security features to look for in an e-signature solution?

Strong security requires the right mix of people, processes and technology. Taking a multi-pronged approach to e-signature security in the cloud will ensure your records (and the records of your customers) are handled and managed appropriately. It will also foster customer confidence and protect your organization’s reputation. That’s why we recommend taking a broad view of e-signature security that includes:

The ability to choose the appropriate level of authentication for each of your processes (internal processes require less authentication, while external processes with customers typically require stronger authentication).

Protecting e-signatures and documents from tampering.

Making it easy to verify e-signed records – independently of the vendor – to ensure that no changes have been made to the document since it was signed.

Ensuring the long term reliability of your e-records, independent of your vendor.

Choosing a vendor with a consistent track record for protecting customer data.

It really depends on the type of transaction and the risk associated with it. For example, an online mortgage renewal with an existing customer is a transaction with someone who likely already has online banking credentials. In that case, the customer could log in to the banking portal using their existing credentials, access the renewal document and e-sign it directly inside the online banking portal.

However, if you are initiating a high-risk online transaction with people you have never met and have no previous association with, you may want to use a third-party identity verification service such as Equifax to confirm they are who they say they are. There are many other options for authenticating signers, depending on your risk tolerance, channel, the type of user experience you want to provide, and other factors. To learn more, read the user authentication white paper.

Can I choose where my data resides?

Yes. Data residency is top of mind for organizations today and as result, eSignLive announced expansion into six new international markets by the end of 2015. In addition to existing deployments in the US and Canada, we offer customers around the world access to both public and private cloud instances of eSignLive in Australia, the UK, Germany, Japan, Singapore and Brazil. For example, many of our Canadian customers are already processing their e-signed documents through data centers in Toronto and Montreal.

The same applies to our connectors. For example, our e-signature app for Salesforce provides organizations with the flexibility to connect to any global instance of eSignLive – whether that’s in the US, Canada or any of the six countries listed above. So contracts, NDAs, and documents that are delivered to your customers and partners for signature via Salesforce reside wherever your internal IT policies dictate. eSignLive is the only e-signature solution in the market to provide this level of global flexibility. To learn more, read this data residency blog.

What security certifications does eSignLive have?

Security-conscious organizations are looking for assurance that the vendors they work with meet the necessary security requirements. While there are a number of compliance programs in place at the data center level (e.g., HIPAA, SOC 1/SSAE 16, SOC 2, SOC 3, PCI DSS Level 1, ISO 27001, etc.), as well as military-grade physical controls, we wanted to go above and beyond for our customers. eSignLive meets additional security control and compliance requirements, including:

SOC 2 Type II: In a security audit by EY (Ernst & Young), eSignLive’s data protection technologies and processes were verified as SOC 2 compliant, setting the system and company in the ranks of organizations including Google, Amazon Web Services and Salesforce. We’re proud to offer the only e-signature solution in the market that is SOC 2 compliant. Learn more.

FedRAMP: As the only comprehensive e-signature solution available in a FedRAMP compliant cloud, eSignLive allows government agencies to securely leverage e-signatures in the cloud and take advantage of cost-savings and drive employee and citizen engagement. Learn more.

Health Insurance Portability and Accountability Act of 1996 (HIPAA): For the U.S. healthcare industry, eSignLive is compliant with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). HIPAA outlines the requirements for the management, storage and transmission of protected health information in both physical and digital form. Learn more

Legal

Are e-signatures legal in the U.S.?

Yes. Today, more than 10 years after the passing of the ESIGN Act, there is no longer any question about whether electronic signatures are legal. Federal and state law gives electronic signatures the same legal status as handwritten signatures. Forty-seven states, the District of Columbia, Puerto Rico, and the Virgin Islands have adopted the Uniform Electronic Transactions Act (UETA). Additionally, the Electronic Signatures in Global and National Commerce Act (ESIGN), a federal law, provides that electronic signatures are legally enforceable for intrastate commerce and within those states that have not adopted UETA.

For more information on e-signature case law and legal best practices, watch these webcasts:

Yes. According to Stikeman Elliott LLP, “All the provinces and territories have stand-alone electronic commerce statutes of general application based on model laws promulgated by the U.N. and the Uniform Law Conference of Canada. For example, in Ontario the Electronic Commerce Act, 2000 addresses the use of electronic documents in commercial transactions. While there are some variations, the provincial e-commerce statutes generally stipulate that signatures, documents and originals are not invalid or unenforceable by reason only of being in electronic form.” For more information, read the full document from Stikeman Elliott entitled, Electronic Signatures in Canadian Law.

Are e-signatures legal in Europe?

Directive 1999/93/EC of the European Parliament and of the Council of 1999 on a Community framework for electronic signatures (also referred to as the 1999 European Directive) establishes the criteria for the legality of e-signatures. It sets out three levels of e-signature (simple, advanced, qualified). According to the Directive, an advanced e-signature based on a qualified certificate satisfies the legal requirements of a signature in relation to data in electronic form – in the same way a handwritten signature satisfies those requirements in relation to paper-based data. For a legal opinion on the enforceability of e-signatures in any given EU country and any local data residency requirements, consult your legal counsel.

For a legal opinion on the enforceability of e-signatures in any given country and any local data residency requirements, consult your legal counsel.

In the U.S., do legal requirements differ from state to state?

Yes and no. The federal Electronic Signatures in Global and National Commerce law (ESIGN) and the state Uniform Electronic Transactions Acts (UETA) are similar in substance, and together enable the use of electronic signatures in commerce throughout the U.S. That said there may be additional regulations, or compliance requirements that apply to certain processes (like truth-in-lending disclosures, or protecting the privacy of medical records). But these requirements exist for paper processes as much as for electronic ones.

Have e-signed documents been challenged in court?

Yes, there is a growing body of case law that is establishing precedence for electronic records and signatures. Examples include:

While there have been several cases of contract disputes involving e-signatures and e-records, most of these cases do not challenge the e-signature itself. Instead, the majority challenge the circumstances surrounding the signing process, such as whether intent was properly established or whether the correct process and evidentiary rules were followed. In some cases, electronic records were accepted as evidence and the transaction under question upheld, in other cases the court did not admit, or at least criticized, the electronic records as evidence. For more information on many of the case law examples cited here, read the ESIGN Is Not Enough: How to reduce legal and compliance risk with electronic evidence white paper.

What are some of the key takeaways from recent court rulings?

In a landmark ruling on the admissibility of electronically stored information (ESI), US Magistrate Judge Paul W. Grimm discussed examples of the essential elements of an effective e-contracting process, notably “creating and securely archiving and retrieving an audit trail of the entire ESI management process, from the steps to verify the identity of the persons signing the record all the way through to sealing electronically the document and then securely archiving and retrieving the e-contract.” In fact, Judge Grimm wrote a 100-page opinion that provides guidance on the authentication and admissibility of electronically-stored evidence.

How can we ensure our electronic records & audit trails will be easy for internal and external auditors to review?

When regulated companies undergo a compliance audit, they are often asked to prove the exact business process they followed. This applies to both customer-facing transactions and internal controls. As part of this, auditors also look for a record of every time key documents were touched, when and by whom. eSignLive provides both document and process audit trails for the purpose of demonstrating compliance to auditors. To facilitate sharing with internal and external parties, a self-contained audit trail package can be exported out of the eSignLive database as a standalone file, and imported into an ECM or records management system. In addition, screens of the process audit trail can be securely output to PDF or paper and sent to auditors so they can review it offline.

What is the ESIGN Act?

The Electronic Signatures in Global and National Commerce Act (e-SIGN) is a U.S. Federal law that was passed in 2000 that enabled the use of electronic records and signatures for commercial transactions. The act essentially enables organizations to adopt a uniform e-signature process across all 50 states with the assurance that records cannot be refused by a court of law solely on the basis that they were signed electronically. Because the act is technology-neutral and doesn’t favor any one type of solution over another, the onus is on the organization to determine how it plans to meet the e-SIGN Act’s requirements for capturing signing intent and authenticating data and signers.

Are there any special requirements for presenting legal disclosures over the web?

As with paper transactions, an organization must still prove that it presented consumers with the government-mandated disclosures in the required format and within the required timeframe. In addition, the organization must be capable of demonstrating that the consumer has consented to receiving disclosures electronically, and that he/she can access the information in the electronic format provided.

Delivering disclosures via your website requires more than simply posting disclosures on a web page. Evidence of the entire disclosure delivery process, including how the disclosure was rendered to the consumer’s browser, and which actions the consumer took, must be securely stored in a single audit trail. To learn more, read our white paper on the Secure Electronic Delivery of Consumer Disclosures.

Does the law require a minimum level of user authentication?

In a word, no. The federal ESIGN law does not specify the type of user authentication to be used with e-signatures. The definition of an e-signature under ESIGN refers to user authentication in the phrase “a contract or other record . . . adopted by a person”; however, it does not specify how the signer should “adopt” the contract or record. Ideally, the choice of a user authentication method should depend on the risk profile of the organization and the process it is automating. Smart cards with digital certificates may make sense when signing highly sensitive military requisitions, but are not necessary for consumers applying for a loan online.

Integration

What third-party integrations are available?

If you are looking to add ‘out-of-the-box’ e-signing workflows to third–party applications like Salesforce, Box, SharePoint, and Dynamics CRM, as well as industry-specific software solutions, visit the Partners section of our website for our complete list of apps & connectors. For customized e-signing needs and system-to-system integrations, our open API and fully supported SDKs (software development kits) enable developers to add e-signing capabilities to their web portals, third party applications, and legacy and home-grown systems.

Where is the best place to get help with my integration?

Our developer community is the best place for developers to get up and running quickly with eSignLive’s API and SDKs.

Are there any quick-start guides with a basic example that I can build on?

An email will be sent to each signer, inviting them to e-sign the documents (note that if you are face-to-face with the signer, you have the option of using your own computer or mobile device to capture their signature). Each signer is guided step-by-step through the signing process (yellow tabs indicate where to sign). Once the documents are signed, they can be downloaded. The e-signed documents can be stored in eSignLive or downloaded for retention in your own system of record and deleted from eSignLive.

Note that the e-signed documents are standard PDF files that can be viewed in Adobe Reader (and other PDF readers).

Do I need Adobe Reader?

Adobe Reader is not required to prepare or sign documents. It is only necessary to open and view e-signed documents (to see all the e-signatures). When viewing a document using Adobe Reader, you can verify that a document and its signatures have not been tampered with.

Other PDF viewers will not necessarily display the signature seal. You will need Acrobat Reader version 5 and up.

Do I need any special software/hardware to e-sign?

No. Signers don’t need anything more than a web browser. When asking customers to sign over the Internet, the best solution is to e-sign documents through a web browser – without asking the customer to download any software. This eliminates the risk that the customer might abandon the process because of frustration and delays caused by software incompatibilities.

Signing with eSignLive is easy. In fact, signers do not even need to create an account. They simply receive an email with a link to a secure site, enter their user name and password, and gain access to the e-sign process through the browser.

What’s more, the Mobile Signature Capture feature in eSignLive transforms any web-enabled touchscreen device into a signature capture pad – eliminating the need for hardware for signing. This feature is ideal for remote account opening and customer onboarding processes, where there is a need for a hand-scripted signature and the document review process take place on a desktop/laptop.

Which browsers does eSignLive support?

Internet Explorer (versions 8 and higher)

Safari

Firefox

Google Chrome

Opera

Which mobile devices can my customers use to e-sign? Which devices are supported?

eSignLive offers you true anywhere, anytime e-signing from any web-enabled device, including a smartphone, tablet and laptop.

Which deployment option is right for me?

eSignLive can be deployed:

On a public cloud anywhere in the world (the most popular option because of speed-to-market and low cost)

On a private cloud anywhere in the world (often selected because of increased security requirements and for greater control over where/how data is stored)

On-premises behind your company’s firewall (selected by organizations that require total control over the servers and data)

Regardless of how you deploy, we offer the exact same product, the same code base and the same user experiencewithout compromising on security or functionality. Our single SaaS platform means that you can start developing using a common REST API and SDKs and deploy however and wherever you want. And if your needs change over time, you have the flexibility to migrate from one deployment to the other, as well as implement eSignLive as a shared service to deliver e-signatures company-wide.